diff --git a/group_vars/ext_nginx.yml b/group_vars/ext_nginx.yml index b3f39ae..cfc0b04 100644 --- a/group_vars/ext_nginx.yml +++ b/group_vars/ext_nginx.yml @@ -66,7 +66,7 @@ sites_available: - 10.242.3.0/24 - fqdn: vtt.ezri.dev - enabled: no + enabled: yes upstream: http://10.242.203.13:3000 max_upload: 512M @@ -97,3 +97,4 @@ streams_available: - 10.242.203.1 - 10.242.203.13 - 10.242.3.0/24 + - 10.242.0.0/24 diff --git a/inventory b/inventory index 44a962b..37e6c6b 100644 --- a/inventory +++ b/inventory 
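Review bot: Flipping `enabled` to `yes` for `vtt.ezri.dev` publishes `http://10.242.203.13:3000` through the external proxy, and nothing visible in this hunk restricts who may reach it. The `- 10.242.3.0/24` context line above appears to belong to the previous site's address list; whether this entry has a comparable list is outside the hunk, so confirm that before merging. The proxy-to-upstream hop is plain HTTP and `max_upload: 512M` is generous for an internet-facing endpoint, so a short comment recording that public exposure is intended would help the next reader. As a style point, `enabled: true` is safer than `yes`, which only some YAML loaders treat as a boolean.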
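Review bot: The new `- 10.242.0.0/24` entry admits a whole /24 to this stream's address list, while two of the three existing entries are single hosts (`10.242.203.1`, `10.242.203.13`). What the list controls is declared outside the hunk, but if it is an allow list, as the layout suggests, this is a much wider grant than the others. If only specific machines in that range need the stream, list those addresses instead. Otherwise add a comment above the entry, for example `# <which network this is and why it needs this stream>`, so the reason survives later audits.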
@@ -5,61 +5,110 @@ local: vars: ansible_connection: local +root_login: + hosts: + tynan.rum.ezri.dev: + dewalt.rum.ezri.dev: + children: + proxmox + vars: + ansible_user: root + ansible_become: no + +localadmin_login: + hosts: + atlantis.net.ezri.dev: + agatha-king.db.ezri.dev: + assurance-of-peace.ext.ezri.dev: + peoples-home.int.ezri.dev: + nebuchadnezzar.ext.ezri.dev: + vars: + ansible_user: localadmin + ansible_become: yes + +self_login: + children: + desktops + vars: + ansible_user: ezri + ansible_become: yes + +arch: + hosts: + tynan.rum.ezri.dev: + normandy.network.ezri.dev: + serenity.network.ezri.dev: + rocinante.vpn.ezri.dev: + gathering-storm.vpn.ezri.dev: + +debian: + hosts: + dewalt.rum.ezri.dev: + atlantis.net.ezri.dev: + agatha-king.db.ezri.dev: + assurance-of-peace.ext.ezri.dev: + peoples-home.int.ezri.dev: + horizon.ext.ezri.dev: + nebuchadnezzar.ext.ezri.dev: + +proxmox: + hosts: + deep-space-nine.pve.ezri.dev: + starbase-one.pve.ezri.dev: + tycho-pallas.pve.ezri.dev: + + containers: hosts: - "peoples-home.servers.ezri.dev": - ansible_port: 2231 - # ansible_become: no - # ansible_user: root - tynan.servers.ezri.dev: - ansible_become: no - ansible_user: root - dewalt.servers.ezri.dev: - ansible_become: no - ansible_user: root - pathfinder.servers.ezri.dev: - ansible_become: no - ansible_user: root - sojourner.servers.ezri.dev: - ansible_become: no - ansible_user: root - atlantis.servers.ezri.dev: - ansible_become: no - ansible_user: root - vars: - ansible_become: yes - ansible_user: localadmin + tynan.rum.ezri.dev: + dewalt.rum.ezri.dev: + atlantis.net.ezri.dev: + agatha-king.db.ezri.dev: -unifi: +vms: hosts: - atlantis.servers.ezri.dev: + assurance-of-peace.ext.ezri.dev: + peoples-home.int.ezri.dev: + horizon.ext.ezri.dev: + nebuchadnezzar.ext.ezri.dev: desktops: hosts: normandy.network.ezri.dev: - serenity.wlan.ezri.dev: + serenity.network.ezri.dev: rocinante.vpn.ezri.dev: - vars: - ansible_become: yes + gathering-storm.vpn.ezri.dev: 
-sysadmin_exercise: +unifi: hosts: - phoenix.servers.ezri.dev: - ansible_become: yes + atlantis.net.ezri.dev: -nginx: +int_nginx: hosts: - peoples-home.servers.ezri.dev: + peoples-home.int.ezri.dev: ext_nginx: hosts: assurance-of-peace.ext.ezri.dev: ansible_port: 2231 - ansible_user: localadmin - ansible_become: yes -int_nginx: +nginx: + children: + int_nginx: + ext_nginx: + +htpc: hosts: - peoples-home.int.ezri.dev: - ansible_user: localadmin - ansible_become: yes + serenity.network.ezri.dev: + +docker: + hosts: + horizon.ext.ezri.dev: + +postgres: + hosts: + agatha-king.db.ezri.dev: + +matrix: + hosts: + nebuchadnezzar.ext.ezri.dev: diff --git a/playbooks/roles/nginx/templates/site.j2 b/playbooks/roles/nginx/templates/site.j2 index a765c42..74f81c1 100644 --- a/playbooks/roles/nginx/templates/site.j2 +++ b/playbooks/roles/nginx/templates/site.j2 @@ -13,6 +13,10 @@ server { ssl_certificate /etc/letsencrypt/live/{{ item.cert_domain|default(item.fqdn) }}/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/{{ item.cert_domain|default(item.fqdn) }}/privkey.pem; + if ($http_user_agent ~* "gptbot") { + return 444; + } + if ($scheme = "http") { return 301 https://$host$request_uri; }
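Review bot: In `root_login` and `self_login`, `children:` is given a bare scalar (`proxmox`, `desktops`) instead of a mapping, unlike the `nginx` group later in this hunk, which writes `int_nginx:` and `ext_nginx:`. Ansible's YAML inventory plugin expects `children` to be a dictionary, so these should read `proxmox:` and `desktops:`. As written the inventory is likely to be rejected, or the `ansible_user`/`ansible_become` settings will not reach those hosts. Separately, `horizon.ext.ezri.dev` is listed under `debian`, `vms` and `docker` but in none of the three login groups, so it inherits no `ansible_user`; confirm that is intended. A comment above `root_login` explaining why those hosts still take direct root SSH would document the one exception to the become-based path.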
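Review bot: The added `if ($http_user_agent ~* "gptbot")` block is hard-coded into the shared `site.j2` template with no comment, so every rendered site silently drops that one crawler and adding another agent means editing the template again. The `User-Agent` header is client-supplied, so this is a best-effort courtesy filter, not an access control. Say so above the block, for example `# best-effort crawler block; User-Agent is client-supplied, pair with robots.txt`. Consider driving the pattern from a variable or a `map` in the `http` context, so the agent list lives in `group_vars` and individual sites can opt out. The check sits ahead of the `$scheme` redirect, so matching requests get `444` on plain HTTP as well, which looks intended. The `server` block begins and ends outside this hunk.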